US20130346741A1 - Method for authenticating low performance device - Google Patents
Method for authenticating low performance device Download PDFInfo
- Publication number
- US20130346741A1 US20130346741A1 US13/588,505 US201213588505A US2013346741A1 US 20130346741 A1 US20130346741 A1 US 20130346741A1 US 201213588505 A US201213588505 A US 201213588505A US 2013346741 A1 US2013346741 A1 US 2013346741A1
- Authority
- US
- United States
- Prior art keywords
- authentication
- vector
- coefficient set
- authentication device
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Definitions
- Exemplary embodiments of the present invention relate to a method for authenticating a low performance device, and more particularly, to a device authenticating method, in which a low performance device such as a smart meter of a smart grid is authenticated in a matrix operation instead of an exponential operation through a homomorphic hash function (HHF) of a non-square matrix M, so that the amount of operations required for authenticating the device can be reduced and the device can be safely authenticated even without a separate certificate authority.
- HHF homomorphic hash function
- a smart grid refers to an intelligent power grid which optimizes efficiency of energy by incorporating information technology (IT) into a conventional unidirectional power grid composed of stages of ‘generation of power—transmission of power—distribution of power—sales of power’ and bi-directionally exchanging real-time information between power suppliers and power consumers.
- IT information technology
- the basic concept of the smart grid is to interconnect power plants, power transmission and distribution facilities, and power consumers through an information communication network, and efficiently operate the entire power grid system as one body through information shared bi-directionally.
- a power supplier may grasp a power usage state in real-time and flexibly control the amount of power supply using the smart grid, and a power consumer may grasp a power usage state in real-time and control the time and amount of power use by avoiding time zones of high rates based on the power usage state.
- a management server 10 and a plurality of unit measurement groups 30 are connected to an external network 20 .
- the management server 10 is a server which receives information on power consumption measured from a unit measurement object such as a house, a building, a factory or the like in real-time and performs a billing process for the consumed power, or transmits power rates changing in real-time to the unit measurement object so that the unit measurement object may efficiently manage electricity based on the power rates.
- the unit measurement group is a group that manages power consumption of the unit measurement object existing in an artificially set unit measurement area. The unit measurement group will be described in further detail with reference to FIG. 2 .
- the unit measurement group 30 includes a plurality of measurement devices 31 connected to a data collection unit 35 through an internal network 33 .
- the measurement device 31 measures information on the power consumed by the unit measurement object, and transmits information on the measured power consumption to the data collection unit 35 through the internal network 33 such as a power line communication (PLC), a Zigbee or the like, or receives power management information from the management server 10 through the external network 20 and the internal network 33 .
- PLC power line communication
- Zigbee Zigbee
- Such a smart grid system performs end-to-end communications between the management server and the measurement device and transmits/receives commercial information such as information on power consumption, power rates and the like in real-time, and thus authentication between the management server and the measurement device and perfect security for the information transmitted and received between the management server and the measurement device are required.
- a method for authenticating a device can be largely divided into a public key-based method and a symmetric key-based method.
- the symmetric key-based method has an advantage in that two devices are provided with a common symmetric key to authenticate each other based on the common symmetric key so that the amount of calculation needed for authentication is small.
- such a symmetric key-based method entails a problem in that the common symmetric key can be comparatively easily exposed to an unqualified third party, and thus if the common symmetric key is exposed to the third party, safe communication is not guaranteed.
- an authentication method based on electronic signature between a smart meter and a management server is disclosed in Korean Patent Laid-Open Publication No. 2011-0019506 (hereinafter, referred to as “prior art 1”).
- the smart meter has a security authentication module, and the security authentication module should store a pair of public keys for signature.
- Public key processing based on exponential operations can be performed without a problem since the management server is of high performance.
- a high-performance security authentication module capable of performing electronic signature is used in the smart meter in order to solve this problem.
- prior technology 1 is difficult to be used in a smart grid system which uses low performance measurement devices.
- Korean Patent Laid-Open Publication No. 2008-96181 discloses a method capable of authenticating a counterpart measurement device even without a separate certificate authority among a plurality of measurement devices constituting a power line communication network.
- a hash function based on a random number is used for authentication between a management server and a measurement device or between measurement devices, and the management server periodically updates the public key pair instead of not requiring communication with a third party authority.
- This public key pair is used to secure safety of communications.
- a method of authenticating a device according to an RSA encryption scheme involves a problem in that since it is based on complex exponential operations, it is difficult to be used in a smart grid system which uses low performance authentication devices.
- the present invention has been made to solve the above-mentioned problems involved in the conventional prior art, and it is an object of the present invention to provide a method of authenticating a low performance authentication device such as a smart meter of a smart grid, using a matrix operation instead of an exponential operation through a homomorphic hash function (HHF) of a non-square matrix M.
- HHF homomorphic hash function
- Another object of the present invention is to provide a method of primarily and secondarily authenticating an authentication device through a calculated first group authentication request coefficient set and a second group authentication request coefficient set.
- the present invention provides a device authenticating method including the steps of: transmitting an identifier of an authentication device to an authentication server, by the authentication device; searching for an authentication server key matrix mapped to the identifier of the authentication device, by the authentication server; transmitting an arbitrary n-dimensional first vector C MDMS to the authentication device when the authentication server key matrix is searched, by the authentication server; calculating an authentication request coefficient set expressing a sum vector calculated from an authentication device key matrix and the n-dimensional first vector C MDMS as a linear combination for a basis vector of a square basis matrix, and transmitting the authentication request coefficient set to the authentication server, by the authentication device; and calculating an authentication confirmation coefficient set expressing an encryption sum vector as a linear combination for a column vector of an authentication server key matrix mapped to the identifier of the authentication device using the first group authentication request coefficient set, and authenticating the authentication device based on the authentication confirmation coefficient set and the authentication request coefficient set, by the authentication server.
- the authentication device key matrix or the authentication server key matrix may be calculated by applying a square basis matrix to a non-square homomorphic hash function (HHF) and may be previously stored in the authentication server and the authentication device, the square basis matrix being previously stored in the authentication device.
- HHF homomorphic hash function
- HHF non-square homomorphic hash function
- M denotes an m ⁇ n matrix (m and n are integers, m ⁇ n, and n>2)
- x denotes an n-dimensional vector
- mod p (p is a prime number) is a function having a remainder calculated by dividing a number by p as a value.
- the authentication device may transmit a first group authentication request coefficient set among the calculated authentication request coefficient set to the authentication server, and the authentication server may primarily authenticate the authentication device by comparing identity between a first group authentication confirmation coefficient set among the calculated authentication confirmation coefficient set and the first group authentication request coefficient set.
- the device authenticating method may further include the steps of: when the authentication server primarily authenticates the authentication device, transmitting a first encryption key vector calculated from the authentication server key matrix and an n-dimensional second vector received from the authentication device to the authentication device, by the authentication server; and authenticating the authentication server by comparing a second encryption key vector calculated from the authentication device key matrix and the second vector with the first encryption key vector, by the authentication device.
- the device authenticating method further includes the steps of: when the authentication device authenticates the authentication server, transmitting a second group authentication request coefficient set among the authentication request coefficient set to the authentication server, by the authentication device; and finally authenticating the authentication device by comparing the second group authentication request coefficient set with a second group authentication confirmation coefficient set among the authentication confirmation coefficient set, by the authentication server.
- the step of transmitting the first group authentication request coefficient set to the authentication server may further include the steps of: calculating an n-dimensional sum vector by applying the key matrix (m ⁇ n) of the authentication device and the first vector to a key addition function; calculating the authentication request coefficient set (w 1 , w 2 , . . . , w n ) expressing the sum vector as the linear combination for the basis vector of the square basis matrix, by applying the sum vector and the square basis matrix to an extracting coefficient function; and transmitting the first group authentication request coefficient set (w 1 , w 2 , . . . , w n ⁇ m+1 ) among the calculated authentication request coefficient set to the authentication server.
- the step of primarily authenticating the authentication device may further include the steps of: calculating the encryption sum vector by applying the sum vector to the non-square homomorphic hash function (HHF), by the authentication server; calculating the authentication confirmation coefficient set (w 1 ′, w 2 ′, . . . , w n ′) expressing the encryption sum vector as a linear combination for a basis vector of the authentication server key matrix, by applying the encryption sum vector, the authentication server key matrix mapped to the identifier of the authentication device and the first group authentication request coefficient set to an extract coefficients function-variant; and primarily authenticating the authentication device by determining identity between the first group authentication confirmation coefficient set (w 1 ′, w 2 ′, . . . , w n ⁇ m+1 ′) among the authentication confirmation coefficient set and the first group authentication request coefficient set.
- HHF non-square homomorphic hash function
- FIG. 1 is a functional block diagram showing the overall configuration of a smart grid system
- FIG. 2 is a functional block diagram showing a unit measurement group of a smart grid system in detail
- FIG. 3 is a sequence diagram showing messages exchanged between a management server and an authentication device in a device authenticating method according to the present invention
- FIG. 4 is a functional block diagram showing an authentication device according to the present invention in detail
- FIG. 5 is a functional block diagram showing a management server according to the present invention in detail
- FIG. 6 is a flowchart illustrating a device authenticating method in an authentication device according to the present invention.
- FIG. 7 is a flowchart illustrating the step of calculating an authentication request coefficient set in detail in a device authenticating method according to the present invention.
- FIG. 8 is a flowchart illustrating a device authenticating method in a management server according to the present invention.
- FIG. 9 is a flowchart illustrating the step of creating a first vector in detail in a device authenticating method according to the present invention.
- FIG. 10 is a flowchart illustrating the step of primarily authenticating an authentication device in detail in a device authenticating method according to the present invention.
- FIG. 3 is a sequence diagram showing messages exchanged between a management server and an authentication device in a device authenticating method according to the present invention.
- the authentication device transmits its own device identifier (ID) to a management server (S 1 ).
- the management server receives the device identifier from the authentication device, it determines whether or not there is a key matrix k mapped to the received device identifier. If there is a key matrix mapped to the received device identifier, the management server creates an arbitrary n-dimensional first vector C MDMS and transmits the first vector to the authentication device (S 3 ).
- the authentication device calculates an authentication request coefficient set w by applying a sum vector h calculated from the received first vector and the key matrix stored in the authentication device and a square basis matrix S stored in the authentication device to an extracting coefficient function (ECF), and transmits a first group authentication request coefficient set cmt SM among the calculated authentication request coefficient set and an arbitrary n-dimensional second vector C SM to the management server (S 5 ).
- ECF extracting coefficient function
- the management server primarily authenticates the authentication device based on the first group authentication request coefficient set cmt SM , and if the authentication device is primarily authenticated as a result of the authentication, the management server transmits a first encryption key vector RESP MDMS , which is calculated by applying the key matrix and the second vector of the authentication device searched from the management server to an encryption function (Homomorphic Keyed Hash Function, HKHF), to the authentication device (S 7 ).
- RESP MDMS Real-Open Source Keyed Hash Function
- the authentication device When the authentication device authenticates the management server based on the identity between a second encryption key vector e, which is calculated by applying the key matrix and the second vector stored in the authentication device to the encryption function, and the first encryption key vector received from the management server, the authentication device transmits a second group authentication request coefficient set dcmt SM to the management server (S 9 ).
- an n ⁇ n square basis matrix S, an m ⁇ n non-square random matrix M (wherein, m and n are integers, and m ⁇ n), and a key matrix k created by applying the base matrix and the random matrix to a homomorphic hash function (HHF) are previously created by the management server or an authentication device manufacturer.
- the basis matrix and the key matrix are stored in the authentication device, and the key matrix is mapped to the identifier of the authentication device and stored in the management server.
- FIG. 4 is a functional block diagram showing an authentication device according to the present invention in detail.
- the authentication device will be described hereinafter in further detail with reference to FIG. 4 .
- a sum vector calculation unit 110 creates a sum vector h by applying the first vector C MDMS received from the management server and the key matrix k of the authentication device stored in an authentication device DB 150 to a key addition function (KAF).
- An authentication request coefficient calculation unit 120 calculates an authentication request coefficient set w, which expresses the sum vector as a linear combination for a basis vector configuring a square basis matrix, by applying the sum vector and the square basis matrix stored in the authentication device DB 150 to an extracting coefficient function (ECF).
- a second vector creation unit 140 creates the arbitrary n-dimensional second vector C SM , and an authentication device transmit and receive unit 160 transmits the second vector and the first group authentication request coefficient set among the authentication request coefficient set to the management server.
- a management server authentication unit 130 When a management server authentication unit 130 receives the first encryption key vector RESP MDMS from the management server through the authentication device transmit and receive unit 160 , the management server authentication unit 130 creates the second encryption key vector by applying the key matrix and the second vector stored in the authentication device DB 150 to the encryption function (HKHF) and authenticates the management server based on the identity between the second encryption key vector and the first encryption key vector.
- the management server authentication unit 130 authenticates the management server, the management server authentication unit 130 transmits the second group authentication request coefficient set among the authentication request coefficient set to the management server through the authentication device transmit and receive unit 160 .
- FIG. 5 is a functional block diagram showing a management server according to the present invention in detail.
- the management server according to the present invention will be described hereinafter in further detail with reference to FIG. 5 .
- a first vector creation unit 210 receives a device identifier from the authentication device, and if the received device identifier is searched from a management server DB 260 , the first vector creation unit 210 creates an arbitrary n-dimensional first vector C MDMS .
- An encryption sum vector calculation unit 220 calculates an encryption sum vector d by applying the authentication device key matrix and the first vector stored in the management server DB 260 to the encryption function (HKHF).
- An authentication confirmation coefficient calculation unit 230 calculates an authentication confirmation coefficient set by applying the encryption sum vector, the authentication device key matrix stored in the management server DB 260 and the first group authentication request coefficient set to an Extract Coefficients Function-variant (ECF-v).
- An authentication device authentication unit 240 primarily authenticates the authentication device by comparing the identity between a first group authentication confirmation coefficient set of the calculated authentication confirmation coefficient set and the first group authentication request coefficient set.
- a first encryption key vector creation unit 250 calculates a first encryption key vector RESP MDMS by applying the authentication device key matrix and the second vector stored in the management server DB 260 to the encryption function (HKHF).
- a management server transmit and receive unit 270 transmits the calculated first encryption key vector RESP MDMS to the authentication device.
- the authentication device authentication unit 240 finally authenticates the authentication device based on the identity between the second group authentication request coefficient set and a second group authentication confirmation coefficient set.
- FIG. 6 is a flowchart illustrating a device authenticating method in an authentication device according to the present invention.
- the device authenticating method in an authentication device will be described hereinafter in further detail with reference to FIG. 6 .
- the authentication device when it is desired to perform an authentication procedure between the authentication device and the management server, transmits a device identifier to the management server (S 110 ).
- the authentication device receives an arbitrary n-dimensional first vector C MDMS from the management server in response to the device identifier (S 120 ).
- the authentication device calculates an authentication request coefficient set from the authentication device key matrix, a sum vector calculated from the first vector and a square basis matrix of the authentication device and transmits a first group authentication request coefficient set among the calculated authentication request coefficient set and an arbitrary n-dimensional second vector C SM to the management server (S 130 ).
- the management server primarily authenticates the authentication device based on the first group authentication request coefficient set and the authentication device receives a first encryption key vector RESP MDMS from the management server
- the authentication device authenticates the management server based on the identity between the receive first encryption key vector and a second encryption key vector calculated by the authentication device (S 140 ).
- the authentication device requests final authentication of the authentication device by transmitting a second group authentication request coefficient set among the authentication request coefficient set to the management server (S 150 ).
- the management server since the first encryption key vector received from the management server and the second encryption key vector calculated by the authentication device are the same only when the management server and the authentication device have the same key matrix and second vector, the management server is authenticated by the identity between the first encryption key vector and the second encryption key vector.
- FIG. 7 is a flowchart illustrating the step of calculating an authentication request coefficient set in detail in a device authenticating method according to the present invention.
- the step of calculating the authentication request coefficient set will be described hereinafter in further detail with reference to FIG. 7 .
- a sum vector h is calculated by applying the first vector C MDMS received from the management server and the key matrix k stored in the authentication device DB to a key addition function (KAF) (S 131 ).
- KAF key addition function
- the key addition function (KAF) is a function of creating an n-dimensional vector by adding an m ⁇ n matrix and an n-dimensional vector.
- the sum vector is calculated from the key matrix k and the first vector C MDMS using the key addition function (KAF).
- mod p (p is a prime number) is a function having a remainder calculated by dividing a number by p as a value.
- An authentication request coefficient set is calculated by applying the calculated sum vector h and a square basis matrix stored in the authentication device DB to an extract coefficients function (ECF) (S 133 ).
- the extracting coefficient function (ECF) is a function of calculating a set of coefficients which express the sum vector h as a linear combination of a basis vector s of a basis matrix S, and this is expressed as Equation 1 as shown below.
- the basis matrix is a matrix expressed as a mutually independent n-dimensional basis vector, which can express an n-dimensional sum vector as a linear combination.
- this is a function for calculating coefficients (w 1 , w 2 , w 3 ) satisfying the following Equation 2 when
- a first group authentication request coefficient set cmt SM and a second group authentication request coefficient set dcmt SM are calculated from the calculated authentication request coefficient set as shown in Equation 3 (S 135 ).
- cmt SM (w 1 , . . . , w n ⁇ m+1 )
- the first group authentication request coefficient set among the authentication request coefficient set and an arbitrary 1 ⁇ n-dimensional second vector C SM are transmitted to the management server (S 137 ).
- FIG. 8 is a flowchart illustrating a device authenticating method in a management server according to the present invention.
- the device authenticating method in a management server will be described hereinafter in further detail with reference to FIG. 8 .
- the management server creates an arbitrary n-dimensional first vector C MDMS and transmits the first vector to authentication device (S 210 ).
- the management server receives the first group authentication request coefficient set and the second vector from the authentication device in response to the first vector (S 220 ).
- the management server calculates an authentication confirmation coefficient set by applying an encryption sum vector calculated from the authentication device key matrix and the first vector stored in the management server DB, the authentication device key matrix and the first group authentication request coefficient set to an Extract Coefficients Function-variant, and primarily authenticates the authentication device by comparing the identity between the first group authentication confirmation coefficient set among the calculated authentication confirmation coefficient set and the received first group authentication request coefficient set (S 230 ).
- a first encryption key vector RESP MDMS calculated from the authentication device key matrix and the second vector stored in the management server DB is transmitted to the authentication device (S 240 ).
- the management server When the management server is authenticated based on comparison of the identity between the second encryption key vector calculated by the authentication device and the first encryption key vector, the management server receives a second group authentication request coefficient set from the authentication device (S 250 ). The management server finally authenticates the authentication device based on the identity between the received second group authentication request coefficient set and the second group authentication confirmation coefficient set (S 260 ).
- FIG. 9 is a flowchart illustrating the step of creating a first vector in detail in a device authenticating method according to the present invention.
- the step of creating a first vector will be described hereinafter in further detail with reference to FIG. 9 .
- the management server receives a device identifier from the authentication device (S 211 ). All device identifiers for performing data communications and a key matrix of each authentication device mapped to each device identifier are stored in the management server DB, and the management server searches for an authentication device key matrix mapped to the device identifier based on the received device identifier (S 213 ).
- an authentication device key matrix mapped to the received device identifier is searched as a result, an arbitrary n-dimensional first vector C MDMS is created, and the created first vector is transmitted to the authentication device (S 215 ).
- FIG. 10 is a flowchart illustrating the step of primarily authenticating an authentication device in detail in a device authenticating method according to the present invention.
- an encryption sum vector d is calculated by applying the m ⁇ n key matrix k of the authentication device and the first vector C MDMS stored in the management server DB to an encryption function (HKHF) (S 231 ).
- the encryption function (HKHF) is a function synthesizing a key addition function (KAF) and a homomorphic hash function (HHF), which is expressed by the following Equation 4:
- HHF homomorphic hash function
- M denotes an m ⁇ n random matrix (m and n are integers, and m ⁇ n), and h denotes an n-dimensional vector.
- the homomorphic hash function has the characteristic as shown in following Equation 6 for vector c that is calculated by adding vector a, vector b, and a sum of vector a and vector b.
- An authentication confirmation coefficient set is calculated by applying the encryption sum vector d, the key matrix k of the authentication device stored in the management server DB and a part r of the first group authentication request coefficient set to an Extract Coefficients Function-variant (ECF-v) (S 233 ).
- ECF-v Extract Coefficients Function-variant
- Equation 7 the extract coefficients function-variant (ECF-v) is expressed as shown in the following Equation 7.
- Equation 8 HHF(1, 6, 6) is calculated as shown in the following Equation 8.
- a first group authentication confirmation coefficient set cmt CS and a second group authentication confirmation coefficient set dcmt CS are calculated from the calculated authentication confirmation coefficient set as shown in the following Equation 10 (S 235 ):
- cmt CS (w 1 ′, . . . , w n ⁇ m+1 ′)
- the identity between the first group authentication confirmation coefficient set and the first group authentication request coefficient set received from the authentication device is determined, and if it is determined that the first group authentication confirmation coefficient set is the same as the first group authentication request coefficient set, the management server primarily authenticates the authentication device (S 237 ).
- the identity between the authentication request coefficient set and the authentication confirmation coefficient set will be again described hereinafter in detail.
- the authentication request coefficient set (w 1 , . . . , w n ) is calculated from the linear combination of the basis vector of the square basis matrix in the authentication device as follows:
- the authentication confirmation coefficient set is calculated from the linear combination of the column vector of the key matrix, in the management server as follows:
- HHF(h) HHF(w 1 s 1 + . . . +w n s n ), and this is expressed as follows due to the property of HHF:
- the device authenticating method according to the present invention has the following various effects.
- the device authenticating method authenticates a device in a matrix operation through a homomorphic hash function (HHF) of a non-square matrix, so that the amount of operation needed for authenticating the device can be reduced.
- HHF homomorphic hash function
- the device authenticating method authenticates a device with a small amount of matrix operation through a homomorphic hash function (HHF) of a non-square matrix M, so that the inventive method can be used for a low performance authentication device such as a smart meter of a smart grid.
- HHF homomorphic hash function
- the device authenticating method according to the present invention can primarily authenticate an authentication device through the first group authentication request coefficient set and simultaneously finally authenticate the authentication device through the second group authentication request coefficient set.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Collating Specific Patterns (AREA)
Abstract
Description
- This application claims the benefit of Korean Patent Application No. 10-2012-0067014, filed on Jun. 21, 2012 in the Korean Intellectual Property Office, which is incorporated herein by reference in its entirety.
- 1. Field of the Invention
- Exemplary embodiments of the present invention relate to a method for authenticating a low performance device, and more particularly, to a device authenticating method, in which a low performance device such as a smart meter of a smart grid is authenticated in a matrix operation instead of an exponential operation through a homomorphic hash function (HHF) of a non-square matrix M, so that the amount of operations required for authenticating the device can be reduced and the device can be safely authenticated even without a separate certificate authority.
- 2. Description of Related Art
- A smart grid refers to an intelligent power grid which optimizes efficiency of energy by incorporating information technology (IT) into a conventional unidirectional power grid composed of stages of ‘generation of power—transmission of power—distribution of power—sales of power’ and bi-directionally exchanging real-time information between power suppliers and power consumers. The basic concept of the smart grid is to interconnect power plants, power transmission and distribution facilities, and power consumers through an information communication network, and efficiently operate the entire power grid system as one body through information shared bi-directionally.
- A power supplier may grasp a power usage state in real-time and flexibly control the amount of power supply using the smart grid, and a power consumer may grasp a power usage state in real-time and control the time and amount of power use by avoiding time zones of high rates based on the power usage state.
- The configuration of such a smart grid system will be described hereinafter in further detail with reference to
FIGS. 1 and 2 . - A
management server 10 and a plurality ofunit measurement groups 30 are connected to anexternal network 20. Herein, themanagement server 10 is a server which receives information on power consumption measured from a unit measurement object such as a house, a building, a factory or the like in real-time and performs a billing process for the consumed power, or transmits power rates changing in real-time to the unit measurement object so that the unit measurement object may efficiently manage electricity based on the power rates. Meanwhile, the unit measurement group is a group that manages power consumption of the unit measurement object existing in an artificially set unit measurement area. The unit measurement group will be described in further detail with reference toFIG. 2 . Theunit measurement group 30 includes a plurality ofmeasurement devices 31 connected to adata collection unit 35 through aninternal network 33. Themeasurement device 31 measures information on the power consumed by the unit measurement object, and transmits information on the measured power consumption to thedata collection unit 35 through theinternal network 33 such as a power line communication (PLC), a Zigbee or the like, or receives power management information from themanagement server 10 through theexternal network 20 and theinternal network 33. - Such a smart grid system performs end-to-end communications between the management server and the measurement device and transmits/receives commercial information such as information on power consumption, power rates and the like in real-time, and thus authentication between the management server and the measurement device and perfect security for the information transmitted and received between the management server and the measurement device are required.
- A method for authenticating a device can be largely divided into a public key-based method and a symmetric key-based method. The symmetric key-based method has an advantage in that two devices are provided with a common symmetric key to authenticate each other based on the common symmetric key so that the amount of calculation needed for authentication is small. However, such a symmetric key-based method entails a problem in that the common symmetric key can be comparatively easily exposed to an unqualified third party, and thus if the common symmetric key is exposed to the third party, safe communication is not guaranteed.
- On the other hand, in the case of public key-based method, devices performing authentication share a secret key unique to each device. The public key-based method entails a problem in that a device can be authenticated with high reliability using the secret key unique to the device, but an exponential operation is used in the authentication process, so that the method is difficult to implement in a low performance device, and needs a separate certificate authority.
- In an attempt to solve the problems associated with the symmetric key- and public key-based authentication methods, an authentication method based on electronic signature between a smart meter and a management server is disclosed in Korean Patent Laid-Open Publication No. 2011-0019506 (hereinafter, referred to as “
prior art 1”). For this authentication method, the smart meter has a security authentication module, and the security authentication module should store a pair of public keys for signature. Public key processing based on exponential operations can be performed without a problem since the management server is of high performance. However, since the smart meter is an embedded system having a relatively low operating capability, a high-performance security authentication module capable of performing electronic signature is used in the smart meter in order to solve this problem. However,prior technology 1 is difficult to be used in a smart grid system which uses low performance measurement devices. - In the meantime, Korean Patent Laid-Open Publication No. 2008-96181 (hereinafter, referred to as “
prior art 2”) discloses a method capable of authenticating a counterpart measurement device even without a separate certificate authority among a plurality of measurement devices constituting a power line communication network. In theprior art 2, a hash function based on a random number is used for authentication between a management server and a measurement device or between measurement devices, and the management server periodically updates the public key pair instead of not requiring communication with a third party authority. This public key pair is used to secure safety of communications. In relation toprior art 2, a method of authenticating a device according to an RSA encryption scheme involves a problem in that since it is based on complex exponential operations, it is difficult to be used in a smart grid system which uses low performance authentication devices. - Accordingly, the present invention has been made to solve the above-mentioned problems involved in the conventional prior art, and it is an object of the present invention to provide a method of authenticating a low performance authentication device such as a smart meter of a smart grid, using a matrix operation instead of an exponential operation through a homomorphic hash function (HHF) of a non-square matrix M.
- Another object of the present invention is to provide a method of primarily and secondarily authenticating an authentication device through a calculated first group authentication request coefficient set and a second group authentication request coefficient set.
- To achieve the above objects, the present invention provides a device authenticating method including the steps of: transmitting an identifier of an authentication device to an authentication server, by the authentication device; searching for an authentication server key matrix mapped to the identifier of the authentication device, by the authentication server; transmitting an arbitrary n-dimensional first vector CMDMS to the authentication device when the authentication server key matrix is searched, by the authentication server; calculating an authentication request coefficient set expressing a sum vector calculated from an authentication device key matrix and the n-dimensional first vector CMDMS as a linear combination for a basis vector of a square basis matrix, and transmitting the authentication request coefficient set to the authentication server, by the authentication device; and calculating an authentication confirmation coefficient set expressing an encryption sum vector as a linear combination for a column vector of an authentication server key matrix mapped to the identifier of the authentication device using the first group authentication request coefficient set, and authenticating the authentication device based on the authentication confirmation coefficient set and the authentication request coefficient set, by the authentication server.
- Herein, the authentication device key matrix or the authentication server key matrix may be calculated by applying a square basis matrix to a non-square homomorphic hash function (HHF) and may be previously stored in the authentication server and the authentication device, the square basis matrix being previously stored in the authentication device.
- The non-square homomorphic hash function (HHF) may be calculated by the following Equation 1:
-
HHF(x)=Mx=y(mod p) [Equation 1] - wherein M denotes an m×n matrix (m and n are integers, m<n, and n>2), x denotes an n-dimensional vector, and mod p (p is a prime number) is a function having a remainder calculated by dividing a number by p as a value.
- Preferably, the authentication device may transmit a first group authentication request coefficient set among the calculated authentication request coefficient set to the authentication server, and the authentication server may primarily authenticate the authentication device by comparing identity between a first group authentication confirmation coefficient set among the calculated authentication confirmation coefficient set and the first group authentication request coefficient set.
- The device authenticating method according to the present invention may further include the steps of: when the authentication server primarily authenticates the authentication device, transmitting a first encryption key vector calculated from the authentication server key matrix and an n-dimensional second vector received from the authentication device to the authentication device, by the authentication server; and authenticating the authentication server by comparing a second encryption key vector calculated from the authentication device key matrix and the second vector with the first encryption key vector, by the authentication device.
- The device authenticating method according to the present invention further includes the steps of: when the authentication device authenticates the authentication server, transmitting a second group authentication request coefficient set among the authentication request coefficient set to the authentication server, by the authentication device; and finally authenticating the authentication device by comparing the second group authentication request coefficient set with a second group authentication confirmation coefficient set among the authentication confirmation coefficient set, by the authentication server.
- More specifically, the step of transmitting the first group authentication request coefficient set to the authentication server may further include the steps of: calculating an n-dimensional sum vector by applying the key matrix (m×n) of the authentication device and the first vector to a key addition function; calculating the authentication request coefficient set (w1, w2, . . . , wn) expressing the sum vector as the linear combination for the basis vector of the square basis matrix, by applying the sum vector and the square basis matrix to an extracting coefficient function; and transmitting the first group authentication request coefficient set (w1, w2, . . . , wn−m+1) among the calculated authentication request coefficient set to the authentication server.
- More specifically, the step of primarily authenticating the authentication device may further include the steps of: calculating the encryption sum vector by applying the sum vector to the non-square homomorphic hash function (HHF), by the authentication server; calculating the authentication confirmation coefficient set (w1′, w2′, . . . , wn′) expressing the encryption sum vector as a linear combination for a basis vector of the authentication server key matrix, by applying the encryption sum vector, the authentication server key matrix mapped to the identifier of the authentication device and the first group authentication request coefficient set to an extract coefficients function-variant; and primarily authenticating the authentication device by determining identity between the first group authentication confirmation coefficient set (w1′, w2′, . . . , wn−m+1′) among the authentication confirmation coefficient set and the first group authentication request coefficient set.
- The above and other objects, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments of the invention in conjunction with the accompanying drawings, in which:
-
FIG. 1 is a functional block diagram showing the overall configuration of a smart grid system; -
FIG. 2 is a functional block diagram showing a unit measurement group of a smart grid system in detail; -
FIG. 3 is a sequence diagram showing messages exchanged between a management server and an authentication device in a device authenticating method according to the present invention; -
FIG. 4 is a functional block diagram showing an authentication device according to the present invention in detail; -
FIG. 5 is a functional block diagram showing a management server according to the present invention in detail; -
FIG. 6 is a flowchart illustrating a device authenticating method in an authentication device according to the present invention; -
FIG. 7 is a flowchart illustrating the step of calculating an authentication request coefficient set in detail in a device authenticating method according to the present invention; -
FIG. 8 is a flowchart illustrating a device authenticating method in a management server according to the present invention; -
FIG. 9 is a flowchart illustrating the step of creating a first vector in detail in a device authenticating method according to the present invention; and -
FIG. 10 is a flowchart illustrating the step of primarily authenticating an authentication device in detail in a device authenticating method according to the present invention. -
- 10: Management server
- 20: External network
- 30: Unit measurement group
- 31: Measurement device
- 33: Internal network
- 35: Data collection unit
- 110: Sum vector calculation unit
- 120: Authentication request coefficient calculation unit
- 130: Management server authentication unit
- 140: Second vector creation unit
- 150: Authentication device DB
- 160: Transmit and receive unit
- 210: First vector creation unit
- 220: Encryption sum vector calculation unit
- 230: Authentication confirmation coefficient calculation unit
- 240: Authentication device authentication unit
- 250: First encryption key vector creation unit
- 260: Management server DB
- 270: Management server transmit and receive unit
- Hereinafter, a device authenticating method according to the present invention will be described in more detail with reference to the accompanying drawings.
-
FIG. 3 is a sequence diagram showing messages exchanged between a management server and an authentication device in a device authenticating method according to the present invention. - The message exchange between the management server and the authentication device will be described hereinafter in further detail with reference to
FIG. 3 . - Referring to
FIG. 3 , the authentication device transmits its own device identifier (ID) to a management server (S1). When the management server receives the device identifier from the authentication device, it determines whether or not there is a key matrix k mapped to the received device identifier. If there is a key matrix mapped to the received device identifier, the management server creates an arbitrary n-dimensional first vector CMDMS and transmits the first vector to the authentication device (S3). - The authentication device calculates an authentication request coefficient set w by applying a sum vector h calculated from the received first vector and the key matrix stored in the authentication device and a square basis matrix S stored in the authentication device to an extracting coefficient function (ECF), and transmits a first group authentication request coefficient set cmtSM among the calculated authentication request coefficient set and an arbitrary n-dimensional second vector CSM to the management server (S5).
- The management server primarily authenticates the authentication device based on the first group authentication request coefficient set cmtSM, and if the authentication device is primarily authenticated as a result of the authentication, the management server transmits a first encryption key vector RESPMDMS, which is calculated by applying the key matrix and the second vector of the authentication device searched from the management server to an encryption function (Homomorphic Keyed Hash Function, HKHF), to the authentication device (S7). When the authentication device authenticates the management server based on the identity between a second encryption key vector e, which is calculated by applying the key matrix and the second vector stored in the authentication device to the encryption function, and the first encryption key vector received from the management server, the authentication device transmits a second group authentication request coefficient set dcmtSM to the management server (S9).
- Herein, an n×n square basis matrix S, an m×n non-square random matrix M (wherein, m and n are integers, and m<n), and a key matrix k created by applying the base matrix and the random matrix to a homomorphic hash function (HHF) are previously created by the management server or an authentication device manufacturer. The basis matrix and the key matrix are stored in the authentication device, and the key matrix is mapped to the identifier of the authentication device and stored in the management server.
-
FIG. 4 is a functional block diagram showing an authentication device according to the present invention in detail. - The authentication device will be described hereinafter in further detail with reference to
FIG. 4 . - Referring to
FIG. 4 , a sumvector calculation unit 110 creates a sum vector h by applying the first vector CMDMS received from the management server and the key matrix k of the authentication device stored in anauthentication device DB 150 to a key addition function (KAF). An authentication requestcoefficient calculation unit 120 calculates an authentication request coefficient set w, which expresses the sum vector as a linear combination for a basis vector configuring a square basis matrix, by applying the sum vector and the square basis matrix stored in theauthentication device DB 150 to an extracting coefficient function (ECF). A secondvector creation unit 140 creates the arbitrary n-dimensional second vector CSM, and an authentication device transmit and receiveunit 160 transmits the second vector and the first group authentication request coefficient set among the authentication request coefficient set to the management server. - When a management
server authentication unit 130 receives the first encryption key vector RESPMDMS from the management server through the authentication device transmit and receiveunit 160, the managementserver authentication unit 130 creates the second encryption key vector by applying the key matrix and the second vector stored in theauthentication device DB 150 to the encryption function (HKHF) and authenticates the management server based on the identity between the second encryption key vector and the first encryption key vector. When the managementserver authentication unit 130 authenticates the management server, the managementserver authentication unit 130 transmits the second group authentication request coefficient set among the authentication request coefficient set to the management server through the authentication device transmit and receiveunit 160. -
FIG. 5 is a functional block diagram showing a management server according to the present invention in detail. - The management server according to the present invention will be described hereinafter in further detail with reference to
FIG. 5 . - Referring to
FIG. 5 , a firstvector creation unit 210 receives a device identifier from the authentication device, and if the received device identifier is searched from amanagement server DB 260, the firstvector creation unit 210 creates an arbitrary n-dimensional first vector CMDMS. An encryption sumvector calculation unit 220 calculates an encryption sum vector d by applying the authentication device key matrix and the first vector stored in themanagement server DB 260 to the encryption function (HKHF). An authentication confirmationcoefficient calculation unit 230 calculates an authentication confirmation coefficient set by applying the encryption sum vector, the authentication device key matrix stored in themanagement server DB 260 and the first group authentication request coefficient set to an Extract Coefficients Function-variant (ECF-v). An authenticationdevice authentication unit 240 primarily authenticates the authentication device by comparing the identity between a first group authentication confirmation coefficient set of the calculated authentication confirmation coefficient set and the first group authentication request coefficient set. - When the authentication
device authentication unit 240 primarily authenticates the authentication device, a first encryption keyvector creation unit 250 calculates a first encryption key vector RESPMDMS by applying the authentication device key matrix and the second vector stored in themanagement server DB 260 to the encryption function (HKHF). A management server transmit and receiveunit 270 transmits the calculated first encryption key vector RESPMDMS to the authentication device. When the authentication device authenticates the management server based on the first encryption key vector and the management server receives a second group authentication request coefficient set among the authentication request coefficient set from the authentication device, the authenticationdevice authentication unit 240 finally authenticates the authentication device based on the identity between the second group authentication request coefficient set and a second group authentication confirmation coefficient set. -
FIG. 6 is a flowchart illustrating a device authenticating method in an authentication device according to the present invention. - The device authenticating method in an authentication device will be described hereinafter in further detail with reference to
FIG. 6 . - Referring to
FIG. 6 , when it is desired to perform an authentication procedure between the authentication device and the management server, the authentication device transmits a device identifier to the management server (S110). The authentication device receives an arbitrary n-dimensional first vector CMDMS from the management server in response to the device identifier (S120). - The authentication device calculates an authentication request coefficient set from the authentication device key matrix, a sum vector calculated from the first vector and a square basis matrix of the authentication device and transmits a first group authentication request coefficient set among the calculated authentication request coefficient set and an arbitrary n-dimensional second vector CSM to the management server (S130). When the management server primarily authenticates the authentication device based on the first group authentication request coefficient set and the authentication device receives a first encryption key vector RESPMDMS from the management server, the authentication device authenticates the management server based on the identity between the receive first encryption key vector and a second encryption key vector calculated by the authentication device (S140). When the authentication device authenticates the management server, the authentication device requests final authentication of the authentication device by transmitting a second group authentication request coefficient set among the authentication request coefficient set to the management server (S150).
- Herein, since the first encryption key vector received from the management server and the second encryption key vector calculated by the authentication device are the same only when the management server and the authentication device have the same key matrix and second vector, the management server is authenticated by the identity between the first encryption key vector and the second encryption key vector.
-
FIG. 7 is a flowchart illustrating the step of calculating an authentication request coefficient set in detail in a device authenticating method according to the present invention. - The step of calculating the authentication request coefficient set will be described hereinafter in further detail with reference to
FIG. 7 . - Referring to
FIG. 7 , a sum vector h is calculated by applying the first vector CMDMS received from the management server and the key matrix k stored in the authentication device DB to a key addition function (KAF) (S131). Herein, the key addition function (KAF) is a function of creating an n-dimensional vector by adding an m×n matrix and an n-dimensional vector. - For example, the sum vector is calculated from the key matrix k and the first vector CMDMS using the key addition function (KAF).
-
- wherein, mod p (p is a prime number) is a function having a remainder calculated by dividing a number by p as a value.
- An authentication request coefficient set is calculated by applying the calculated sum vector h and a square basis matrix stored in the authentication device DB to an extract coefficients function (ECF) (S133). Herein, the extracting coefficient function (ECF) is a function of calculating a set of coefficients which express the sum vector h as a linear combination of a basis vector s of a basis matrix S, and this is expressed as
Equation 1 as shown below. Herein, the basis matrix is a matrix expressed as a mutually independent n-dimensional basis vector, which can express an n-dimensional sum vector as a linear combination. -
ECF(h,S)={w 1 , w 2 , . . . , w n} [Equation 1] - For example, this is a function for calculating coefficients (w1, w2, w3) satisfying the
following Equation 2 when -
- and h=(1, 6, 6):
-
- A first group authentication request coefficient set cmtSM and a second group authentication request coefficient set dcmtSM are calculated from the calculated authentication request coefficient set as shown in Equation 3 (S135).
-
cmtSM=(w1, . . . , wn−m+1) -
dcmtSM=(wn−m+2, . . . , wn) [Equation 3] - The first group authentication request coefficient set among the authentication request coefficient set and an arbitrary 1×n-dimensional second vector CSM are transmitted to the management server (S137).
-
FIG. 8 is a flowchart illustrating a device authenticating method in a management server according to the present invention. - The device authenticating method in a management server will be described hereinafter in further detail with reference to
FIG. 8 . - Referring to
FIG. 8 , if the received device identifier exists in the management server DB, the management server creates an arbitrary n-dimensional first vector CMDMS and transmits the first vector to authentication device (S210). The management server receives the first group authentication request coefficient set and the second vector from the authentication device in response to the first vector (S220). The management server calculates an authentication confirmation coefficient set by applying an encryption sum vector calculated from the authentication device key matrix and the first vector stored in the management server DB, the authentication device key matrix and the first group authentication request coefficient set to an Extract Coefficients Function-variant, and primarily authenticates the authentication device by comparing the identity between the first group authentication confirmation coefficient set among the calculated authentication confirmation coefficient set and the received first group authentication request coefficient set (S230). When the authentication device is authenticated primarily, a first encryption key vector RESPMDMS calculated from the authentication device key matrix and the second vector stored in the management server DB is transmitted to the authentication device (S240). - When the management server is authenticated based on comparison of the identity between the second encryption key vector calculated by the authentication device and the first encryption key vector, the management server receives a second group authentication request coefficient set from the authentication device (S250). The management server finally authenticates the authentication device based on the identity between the received second group authentication request coefficient set and the second group authentication confirmation coefficient set (S260).
-
FIG. 9 is a flowchart illustrating the step of creating a first vector in detail in a device authenticating method according to the present invention. - The step of creating a first vector will be described hereinafter in further detail with reference to
FIG. 9 . - Referring to
FIG. 9 , when it is desired to perform an authentication procedure, the management server receives a device identifier from the authentication device (S211). All device identifiers for performing data communications and a key matrix of each authentication device mapped to each device identifier are stored in the management server DB, and the management server searches for an authentication device key matrix mapped to the device identifier based on the received device identifier (S213). - If an authentication device key matrix mapped to the received device identifier is searched as a result, an arbitrary n-dimensional first vector CMDMS is created, and the created first vector is transmitted to the authentication device (S215).
-
FIG. 10 is a flowchart illustrating the step of primarily authenticating an authentication device in detail in a device authenticating method according to the present invention. - Referring to
FIG. 10 , an encryption sum vector d is calculated by applying the m×n key matrix k of the authentication device and the first vector CMDMS stored in the management server DB to an encryption function (HKHF) (S231). Herein, the encryption function (HKHF) is a function synthesizing a key addition function (KAF) and a homomorphic hash function (HHF), which is expressed by the following Equation 4: -
d=HKHF(k,C MDMS)=HHF(KAF(k,C MDMS))=HHF(h)(mod p) [Equation 4] - Herein, the homomorphic hash function (HHF) is a function of transforming an n-dimensional vector to an m-dimensional vector, which is expressed as shown in the following Equation 5:
-
HHF(h)=Mh=y(mod p) [Equation 5] - wherein M denotes an m×n random matrix (m and n are integers, and m<n), and h denotes an n-dimensional vector. The homomorphic hash function has the characteristic as shown in following Equation 6 for vector c that is calculated by adding vector a, vector b, and a sum of vector a and vector b.
-
HHF(c)=Mc=M(a+b)=Ma+Mb=HHF(a)+HHF(b)(mod p) [Equation 6] - An authentication confirmation coefficient set is calculated by applying the encryption sum vector d, the key matrix k of the authentication device stored in the management server DB and a part r of the first group authentication request coefficient set to an Extract Coefficients Function-variant (ECF-v) (S233). Herein, the extract coefficients function-variant (ECF-v) is expressed as shown in the following Equation 7.
-
ECF−v(d,k,r)={w 1 ′, w 2 ′, . . . , w n′} [Equation 7] - For example, when
-
- in Equation 5 and h=(1, 6, 6), HHF(1, 6, 6) is calculated as shown in the following Equation 8.
-
- ECF−v(d, k, r) is a function of calculating coefficients (w2′, w3′) satisfying a Equation 9 as shown below when r=0:
-
- A first group authentication confirmation coefficient set cmtCS and a second group authentication confirmation coefficient set dcmtCS are calculated from the calculated authentication confirmation coefficient set as shown in the following Equation 10 (S235):
-
cmtCS=(w1′, . . . , wn−m+1′) -
dcmtcs=(wn−m+2′, . . . , wn′). [Equation 10] - The identity between the first group authentication confirmation coefficient set and the first group authentication request coefficient set received from the authentication device is determined, and if it is determined that the first group authentication confirmation coefficient set is the same as the first group authentication request coefficient set, the management server primarily authenticates the authentication device (S237).
- The identity between the authentication request coefficient set and the authentication confirmation coefficient set will be again described hereinafter in detail. The authentication request coefficient set (w1, . . . , wn) is calculated from the linear combination of the basis vector of the square basis matrix in the authentication device as follows:
-
h=w 1 s 1 + . . . +w n s n. - On the other hand, the authentication confirmation coefficient set is calculated from the linear combination of the column vector of the key matrix, in the management server as follows:
-
d=w 1 ′k 1 + . . . +w n ′k n. - wherein, HHF(h)=HHF(w1s1+ . . . +wnsn), and this is expressed as follows due to the property of HHF:
-
HHF(w 1 s 1 + . . . +w n s n)=w 1 HHF(s 1)+ . . . +w n HHF(s n)=w 1 k 1 + . . . +w n k 1. - Herein, since HHF(h)=d, w1k1+ . . . +wnk1=w1′k1+ . . . +wn′kn is valid.
- As described above, the device authenticating method according to the present invention has the following various effects.
- First, the device authenticating method according to the present invention authenticates a device in a matrix operation through a homomorphic hash function (HHF) of a non-square matrix, so that the amount of operation needed for authenticating the device can be reduced.
- Second, the device authenticating method according to the present invention authenticates a device with a small amount of matrix operation through a homomorphic hash function (HHF) of a non-square matrix M, so that the inventive method can be used for a low performance authentication device such as a smart meter of a smart grid.
- Third, the device authenticating method according to the present invention can primarily authenticate an authentication device through the first group authentication request coefficient set and simultaneously finally authenticate the authentication device through the second group authentication request coefficient set.
- While the present invention has been described in connection with the exemplary embodiments illustrated in the drawings, they are merely illustrative and the invention is not limited to these embodiments. It will be appreciated by a person having an ordinary skill in the art that various equivalent modifications and variations of the embodiments can be made without departing from the spirit and scope of the present invention. Therefore, the true technical scope of the present invention should be defined by the technical spirit of the appended claims.
Claims (11)
HHF(x)=Mx=y(mod p) [Equation 1]
HHF(x)=Mx=y(mod p) [Equation 1]
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2012-0067014 | 2012-06-21 | ||
KR1020120067014A KR101437033B1 (en) | 2012-06-21 | 2012-06-21 | Method for authenticating low efficiency device |
Publications (2)
Publication Number | Publication Date |
---|---|
US20130346741A1 true US20130346741A1 (en) | 2013-12-26 |
US8806194B2 US8806194B2 (en) | 2014-08-12 |
Family
ID=49775456
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/588,505 Active 2033-02-09 US8806194B2 (en) | 2012-06-21 | 2012-08-17 | Method for authenticating low performance device |
Country Status (2)
Country | Link |
---|---|
US (1) | US8806194B2 (en) |
KR (1) | KR101437033B1 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150046450A1 (en) * | 2013-08-08 | 2015-02-12 | Hitachi Solutions, Ltd. | Searchable code processing system and method |
CN105813092A (en) * | 2014-12-30 | 2016-07-27 | 亿阳信通股份有限公司 | Building network coverage optimization method based on bills and building network coverage optimization device based on bills |
CN108111485A (en) * | 2017-12-04 | 2018-06-01 | 兰州大学 | Sub-key generation method and device, reduction encryption key method and device |
US20180212755A1 (en) * | 2017-01-20 | 2018-07-26 | Enveil, Inc. | Secure Analytics Using an Encrypted Analytics Matrix |
US20180212933A1 (en) * | 2017-01-20 | 2018-07-26 | Enveil, Inc. | Secure Analytics Using Homomorphic and Injective Format-Preserving Encryption and an Encrypted Analytics Matrix |
US10693627B2 (en) | 2017-01-20 | 2020-06-23 | Enveil, Inc. | Systems and methods for efficient fixed-base multi-precision exponentiation |
US10817262B2 (en) | 2018-11-08 | 2020-10-27 | Enveil, Inc. | Reduced and pipelined hardware architecture for Montgomery Modular Multiplication |
US10902133B2 (en) | 2018-10-25 | 2021-01-26 | Enveil, Inc. | Computational operations in enclave computing environments |
WO2021144654A1 (en) * | 2020-01-19 | 2021-07-22 | Mobileye Vision Technologies Ltd. | Anonymous collection of data from a group of entitled members |
US11196541B2 (en) | 2017-01-20 | 2021-12-07 | Enveil, Inc. | Secure machine learning analytics using homomorphic encryption |
US11507683B2 (en) | 2017-01-20 | 2022-11-22 | Enveil, Inc. | Query processing with adaptive risk decisioning |
US11601258B2 (en) | 2020-10-08 | 2023-03-07 | Enveil, Inc. | Selector derived encryption systems and methods |
US11777729B2 (en) | 2017-01-20 | 2023-10-03 | Enveil, Inc. | Secure analytics using term generation and homomorphic encryption |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2860905A1 (en) * | 2013-10-09 | 2015-04-15 | Thomson Licensing | Method for ciphering a message via a keyed homomorphic encryption function, corresponding electronic device and computer program product |
US10764036B1 (en) * | 2018-03-06 | 2020-09-01 | Wells Fargo Bank, N.A. | Derived unique key per raindrop (DUKPR) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010036275A1 (en) * | 2000-01-25 | 2001-11-01 | Murata Kikai Kabushiki Kaisha And Masao Kasahara And Shigeo Tsujii | Secret key generating method, common key generating method, encryption method, cryptographic communication method and cryptographic communication system |
JP2009135871A (en) * | 2007-11-05 | 2009-06-18 | Sumitomo Electric Ind Ltd | Method for generating encryption key |
US7743253B2 (en) * | 2005-11-04 | 2010-06-22 | Microsoft Corporation | Digital signature for network coding |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2282051A1 (en) * | 1998-10-20 | 2000-04-20 | Lucent Technologies, Inc. | Efficient block cipher method |
KR101351789B1 (en) * | 2009-04-24 | 2014-01-15 | 니뽄 덴신 덴와 가부시키가이샤 | Cryptographic system, cryptographic communication method, encryption apparatus, key generation apparatus, decryption apparatus, content server, program, and storage medium |
-
2012
- 2012-06-21 KR KR1020120067014A patent/KR101437033B1/en active IP Right Grant
- 2012-08-17 US US13/588,505 patent/US8806194B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010036275A1 (en) * | 2000-01-25 | 2001-11-01 | Murata Kikai Kabushiki Kaisha And Masao Kasahara And Shigeo Tsujii | Secret key generating method, common key generating method, encryption method, cryptographic communication method and cryptographic communication system |
US7743253B2 (en) * | 2005-11-04 | 2010-06-22 | Microsoft Corporation | Digital signature for network coding |
JP2009135871A (en) * | 2007-11-05 | 2009-06-18 | Sumitomo Electric Ind Ltd | Method for generating encryption key |
Cited By (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150046450A1 (en) * | 2013-08-08 | 2015-02-12 | Hitachi Solutions, Ltd. | Searchable code processing system and method |
US9892211B2 (en) * | 2013-08-08 | 2018-02-13 | Hitachi, Ltd. | Searchable code processing system and method |
CN105813092A (en) * | 2014-12-30 | 2016-07-27 | 亿阳信通股份有限公司 | Building network coverage optimization method based on bills and building network coverage optimization device based on bills |
US11477006B2 (en) * | 2017-01-20 | 2022-10-18 | Enveil, Inc. | Secure analytics using an encrypted analytics matrix |
US11507683B2 (en) | 2017-01-20 | 2022-11-22 | Enveil, Inc. | Query processing with adaptive risk decisioning |
US20180212933A1 (en) * | 2017-01-20 | 2018-07-26 | Enveil, Inc. | Secure Analytics Using Homomorphic and Injective Format-Preserving Encryption and an Encrypted Analytics Matrix |
US10644876B2 (en) | 2017-01-20 | 2020-05-05 | Enveil, Inc. | Secure analytics using homomorphic encryption |
US10693627B2 (en) | 2017-01-20 | 2020-06-23 | Enveil, Inc. | Systems and methods for efficient fixed-base multi-precision exponentiation |
US10721057B2 (en) | 2017-01-20 | 2020-07-21 | Enveil, Inc. | Dynamic channels in secure queries and analytics |
US11196540B2 (en) | 2017-01-20 | 2021-12-07 | Enveil, Inc. | End-to-end secure operations from a natural language expression |
US10771237B2 (en) * | 2017-01-20 | 2020-09-08 | Enveil, Inc. | Secure analytics using an encrypted analytics matrix |
US10790960B2 (en) | 2017-01-20 | 2020-09-29 | Enveil, Inc. | Secure probabilistic analytics using an encrypted analytics matrix |
US10972251B2 (en) | 2017-01-20 | 2021-04-06 | Enveil, Inc. | Secure web browsing via homomorphic encryption |
US10873568B2 (en) * | 2017-01-20 | 2020-12-22 | Enveil, Inc. | Secure analytics using homomorphic and injective format-preserving encryption and an encrypted analytics matrix |
US10880275B2 (en) | 2017-01-20 | 2020-12-29 | Enveil, Inc. | Secure analytics using homomorphic and injective format-preserving encryption |
US10903976B2 (en) | 2017-01-20 | 2021-01-26 | Enveil, Inc. | End-to-end secure operations using a query matrix |
US11902413B2 (en) | 2017-01-20 | 2024-02-13 | Enveil, Inc. | Secure machine learning analytics using homomorphic encryption |
US11777729B2 (en) | 2017-01-20 | 2023-10-03 | Enveil, Inc. | Secure analytics using term generation and homomorphic encryption |
US11558358B2 (en) | 2017-01-20 | 2023-01-17 | Enveil, Inc. | Secure analytics using homomorphic and injective format-preserving encryption |
US10728018B2 (en) | 2017-01-20 | 2020-07-28 | Enveil, Inc. | Secure probabilistic analytics using homomorphic encryption |
US11196541B2 (en) | 2017-01-20 | 2021-12-07 | Enveil, Inc. | Secure machine learning analytics using homomorphic encryption |
US11290252B2 (en) | 2017-01-20 | 2022-03-29 | Enveil, Inc. | Compression and homomorphic encryption in secure query and analytics |
US20180212755A1 (en) * | 2017-01-20 | 2018-07-26 | Enveil, Inc. | Secure Analytics Using an Encrypted Analytics Matrix |
US11451370B2 (en) | 2017-01-20 | 2022-09-20 | Enveil, Inc. | Secure probabilistic analytics using an encrypted analytics matrix |
CN108111485A (en) * | 2017-12-04 | 2018-06-01 | 兰州大学 | Sub-key generation method and device, reduction encryption key method and device |
US11704416B2 (en) | 2018-10-25 | 2023-07-18 | Enveil, Inc. | Computational operations in enclave computing environments |
US10902133B2 (en) | 2018-10-25 | 2021-01-26 | Enveil, Inc. | Computational operations in enclave computing environments |
US10817262B2 (en) | 2018-11-08 | 2020-10-27 | Enveil, Inc. | Reduced and pipelined hardware architecture for Montgomery Modular Multiplication |
US11405366B2 (en) | 2020-01-19 | 2022-08-02 | Mobileye Vision Technologies Ltd. | Anonymous collection of data from a group of entitled members |
US11888826B2 (en) | 2020-01-19 | 2024-01-30 | Mobileye Vision Technologies Ltd. | Anonymous collection of data from a group of entitled members |
JP2023500992A (en) * | 2020-01-19 | 2023-01-17 | モービルアイ ビジョン テクノロジーズ リミテッド | Anonymous collection of data from groups of authorized members |
JP7238212B2 (en) | 2020-01-19 | 2023-03-13 | モービルアイ ビジョン テクノロジーズ リミテッド | Anonymous collection of data from groups of authorized members |
EP4340294A3 (en) * | 2020-01-19 | 2024-05-29 | Mobileye Vision Technologies Ltd. | Anonymous collection of data from a group of entitled members |
WO2021144654A1 (en) * | 2020-01-19 | 2021-07-22 | Mobileye Vision Technologies Ltd. | Anonymous collection of data from a group of entitled members |
US11601258B2 (en) | 2020-10-08 | 2023-03-07 | Enveil, Inc. | Selector derived encryption systems and methods |
Also Published As
Publication number | Publication date |
---|---|
US8806194B2 (en) | 2014-08-12 |
KR20130143446A (en) | 2013-12-31 |
KR101437033B1 (en) | 2014-11-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8806194B2 (en) | Method for authenticating low performance device | |
JP5840138B2 (en) | Cryptographically secure authentication device, system and method | |
Kim et al. | A secure smart-metering protocol over power-line communication | |
US8731199B2 (en) | Zero knowledge proofs for arbitrary predicates over data | |
CN108712261A (en) | A kind of key generation method, device and medium based on block chain | |
CN105812141A (en) | Outsourcing encrypted data-orientated verifiable intersection operation method and system | |
CN103873487A (en) | Method for achieving home credible networking based on safety pendent of smart home device | |
Kim et al. | Device authentication protocol for smart grid systems using homomorphic hash | |
US9356776B2 (en) | Key managing system and method for sensor network security | |
US20140052985A1 (en) | Methods for providing requested data from a storage device to a data consumer and storage devices | |
Khan et al. | A secure and efficient key agreement framework for critical energy infrastructure using mobile device | |
Clarke et al. | Cryptanalysis of the dragonfly key exchange protocol | |
KR102135710B1 (en) | Hardware secure module | |
US10419213B2 (en) | Key exchange method, key exchange system, key device, terminal device, and program | |
Sharma et al. | An efficient physically unclonable function based authentication scheme for V2G network | |
CN103118351B (en) | The generation method and apparatus of repaid card data | |
CN113434906B (en) | Data query method, device, computer equipment and storage medium | |
CN109067550B (en) | Bidirectional authentication system and bidirectional authentication method based on CPK (Combined public Key) identification key | |
Aggarwal et al. | Smart grid | |
Zhang et al. | A blind signature-aided privacy-preserving power request scheme for smart grid | |
KR101509079B1 (en) | Smart Card and Dynamic ID Based Electric Vehicle User Authentication Scheme | |
Ayub et al. | Secure consumer-centric demand response management in resilient smart grid as industry 5.0 application with blockchain-based authentication | |
CN105406961A (en) | Secret key negotiation method, terminal and server | |
Choi et al. | An efficient message authentication for non-repudiation of the smart metering service | |
CN116318637A (en) | Method and system for secure network access communication of equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: KOREA BASIC SCIENCE INSTITUTE, KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KIM, YOUNG SAM;HEO, JOON;JEONG, MUN SEOK;REEL/FRAME:028806/0321 Effective date: 20120803 |
|
AS | Assignment |
Owner name: INSTITUTE FOR BASIC SCIENCE, KOREA, REPUBLIC OF Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KOREA BASIC SCIENCE INSTITUTE;REEL/FRAME:031904/0947 Effective date: 20131220 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551) Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY Year of fee payment: 8 |